Minutes: WSC WG weekly 2007-06-06

The minutes from our telephone conference on 6 June were approved
and are available online:

  http://www.w3.org/2007/06/06-wsc-minutes

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>




   [1]W3C

                                 WSC WG weekly
                                   6 Jun 2007

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Praveen Alavilli,
          Rachna Dhamija,
          Mike Beltzner,
          Jan Vidar Krey,
          Audian,
          Yngve Pettersen,
          Johnathan Nightingale,
          Stephen Farrell,
          Hal Lockhart,
          Chuck Wade,
          Bill Doyle,
          Maritza Johnson ,
          Thomas Roessler,
          Phillip Hallam-Baker
          Mary Ellen Zurko,
          Tim Hahn,

   Regrets
          -

   Chair
          Mary Ellen Zurko

   Scribe
          Praveen

Contents

     * [4]Topics
         1. [5]approving last meeting's minutes
         2. [6]Newly Completed Action Items
         3. [7]Agenda Bashing
         4. [8]Trusted Browser Component
         5. [9]Threat trees
         6. [10]Next Meeting - Wednesday, June 13th
     * [11]Summary of Action Items
     __________________________________________________________________


approving last meeting's minutes

   [12]http://www.w3.org/2007/05/23-wsc-minutes

   MEZ: from last conf call not f2f
   ... minutes are approved

Newly Completed Action Items

   MEZ: done some cleanup on the action items
   ... no issues ...
   ... some closed due to inactivity
   ... no issues with closed actions

Agenda Bashing

   [13]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html

   MEZ:today we will be finishing up the lightning discussions and discuss
   about action-177 that thomas would lead ...

   <Mez>
   [14]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html

   MEZ: we will add threat tree discussions to agenda

   <Mez> [15]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent

   MEZ: Trusted Browser Component will be discussed in the lightning
   discussions today

Trusted Browser Component

   rachna: describing an interface to an mutual authentication protocol
   ...
   ... proposal requires users to login to a trusted component in the
   browser ...
   [INS: ... goal is to make sure credentials are not transferred outside
   of the ...
   ... browser and to capture user intent to login to a site, even when
   they ...
   ... don't know they are at the wrong site ... :INS]

   rachna: assumptions are being discussed
   ... discussing expected user behaviour

   for
   reference:[16]http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent

   comparing with Verisign's Seatbelt

   rachna:[INS: Verisign seatbelt is an add-on that has a spoofable
   red/green ...
   ... indicator to indicate whether user is at the correct openID site.
   This ...
   ... proposal is similar only in that it allows user to know whether
   they are ...
   ... at a site they have been to and approved before ... :INS]

   johnath: how it would it related to PII

   rachna:[INS: There are some abstract ideas that may overlap...
   ... in particular both proposals try to inform the user that they are
   ...
   ... at the same site they have been to and trusted in the past, but ...
   ... using different interaction techniques. :INS]

   <Mez> I think our proposals/recommendations will/should be mergingmore
   as we go forward

   <Mez> I want to start categorizing, moving pieces around, etc.

   <Mez> some are about displaying information, some about input, some
   about making displays non guessable

   rachna: requesting feedback from the group

   chuck: this kind of proposal is very constructive. Issue is whether it
   should be at browser level or at the OS level...
   ... to make it a broader way to work across applications
   ... comparing with CardSpace - wondering if we view this as 2 separate
   proposal - one at OS level and one at browser level...

   rachna: OS/Platform are out of scope currently so need to see how we
   can address this

   tlr: there are kernel-level http daemons, but that doesn't make http a
   system-level spec, OS does enable certain features in browsers, but
   this is definetely not a charter to deal with OS level

   stephenf: proposal is quite resonable and could be done in a way that's
   generically useful

   johnath: replying to chuck's question about in scope or not

   <tlr> +1 to johnath

   johnath: cardspace is impl at system level and that's great but it's
   probably not good to spend time on it but concentrate at browser level

   hal: seems like there are bunch of proposals, good idea but isn't it at
   the same level of a new protocol out of scope like a OS

   <Chuck> I was more concerned with the implied constraint that this is a
   recommendation for browsers only. If we can abstract this as guidance
   that could be implemented at any level, then I believe we will be
   offering more useful recommendations.

   hal: the proposal needs a new shared secret that servers don't do
   today...

   <stephenF> Doesn't tlr supportt session re-init?

   <PHB2> The real issue in my view is not where it is implemented but
   whether it is designed in such a way as to be easily digestible at the
   platform level. It is entirely possible to implement CardSpace without
   using the secure desktop, the CardSpace design on XP is not as
   integrated as Vista, on linux it might not be integrated at all

   hal: so it requires new changes

   <tlr> chuck, I think we're aiming for that abstraction level

   phb: can it be something simple enough that can later be extended to OS
   level. designing something that's small enough and bound enough - the
   advantage with web is that it satisfies this requirement - same as JS
   ... looking at cardspace to extend it to payment system

   tlr: question- do not understand what trust it's adding, logging into a
   browser is not necessarily be a good thing as we might not want the
   password to be shared with a client.

   <PHB2> ANother parallel here would be the SiteSeal that VeriSign uses
   to represent a secure site - most other CAs have a similar program. The
   SiteSeal is content and thus inevitably spoofable. But we have been
   proposing browser extensions to support site seal in the chrome for
   over a decade now - that is where logotype came from originally.

   tlr: probably better to define best practices for presentations so
   browsers can pick up and implement those

   <Mez>
   [17]http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html

   <scribe> ACTION: rachna to expand on the proposal and incorporate
   today's discussions [recorded in
   [18]http://www.w3.org/2007/06/06-wsc-minutes.html#action01]

   <trackbot> Created ACTION-257 - Expand on the proposal and incorporate
   today\'s discussions [on Rachna Dhamija - due 2007-06-13].

   <rachna>

[19]Threat trees

   MEZ: need to figure out where to go next with Threat trees

   rachna: walk through the list and find out what's useful
   ... requesting thomas's view on usecases and how these apply to them

   <rachna> thoma: threat trees should be there own document and not be in
   the critical path of getting the note done.

   tlr: suggestion to keep it separate as a companion document but donot
   put threat trees into the critical path for use cases. They are more
   useful technically but probably should not be in the critical path

   <stephenF> tend to agree with TLR

   <Chuck> I will put in a vote that the threat trees are useful. I also
   believe that the refinements to the threat tree Wiki page have made
   this much more useful. We need this to justify why we are making any
   recommendations to improve Web Security Context.

   johnath: threat trees aren't something that's guiding people might be a
   wrong statement. threat trees does help as an excercise to understand
   real world example/threats and help in trying to mitigate threats that
   bad people can insert.

   rachna: agrees with jonath

   <Zakim> Thomas, you wanted to ask what this mean in terms of the note

   tlr: threat trees are useful excercise but what is the right time for
   them ?

   <johnath> urr - only spelled properly

   tlr: still feels they would mostly be useful as a companion note as
   part of the recommentations

   <Zakim> johnath, you wanted to rpely to thomas

   johnath: fair point. it's about justifying recommendation. seems like
   available security information and usecases might influence the docs.

   <Chuck> Well said!

   bill-d: threat trees also help to find out what's missing

   <johnath> thomas - agree

   <johnath> (I won't q+ to say so, but agree)

   <Mez> I'm beginning to hear that a concrete proposal about exactly what
   to put into the note on threat trees might fly

   <Audian> i agree

   tlr: if we can convert the threat trees into something presentable that
   might be useful

   <Mez> could be the threat trees, or just a pointer to the wiki, or some
   simplified version

   <Zakim> stephenF, you wanted to say that we'll always miss threats ;
   later is better

   <bill-d> Bill-d Threat tree will help define items in scope and
   recomendations for items out of scope

   stephenF: don't think it's useful yet but might be later

   mez: asking for volunteers to take the proposal and expand on it

   <Mez> yes, the list is easier to read and understand

   <Mez> it has a more natural language, less formal structure

   johnath: threat tree is relatively complicated looking text. whether it
   makes sense to include without recommendations.

   <tlr>
   [20]http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/Reco
   Templ

   johnath: if we put them in the recommendations text, how are we going
   to wrap it in the text.
   ... if we think it's valuable info and incl in the draft of the
   recommentation instead of note, what it should look like in the draft.

   tlr: we can do additional notes to publish new material that is useful.
   would rather see threat trees as one of those notes

   <stephenF> if threattrees is its own note, there will be an issue later
   about whether the references to that from the rec, are normative or
   informative

   <stephenF> +1 on that: if pointers to vuln DB appear in template,
   that's good

   <johnath> Mez: that's a whole other call, and I'm telling my HR contact
   about you. :)

   tlr: happy to define a template that links to the draft if that's
   useful

   <stephenF> [21]http://cve.mitre.org/ is the DB I'd use btw

   MEZ: formality of threat tree is still confusing...

   MEZ: how to link to the recommendations we are woring on

   johnath: some in the list are not in the threat tree yet. May be
   helpful to explain them more so we can link to them from the
   recommendations saying which attack/threat it;s addressing

   <tlr> "References to ThreatTrees or vulnerability databases will be
   useful, but not required."

   johnath: would that presentation be more appropriate to include

   <johnath> fine by me

   <johnath> rachna?

   <rachna> fine by me.

   <stephenF> +1 to tlr (whatever he said:-)

   thomas I would need your help to write that out :-)

   <stephenF> +1 to whoever just said whatever he said

   <tlr> accurate

   <tlr> thomas: Put the sentence I said on IRC above in there, it's not
   critical path for FPWD, but we'll do it later. Meanwhile, refine stuff
   in Wiki.

   <Chuck> It's nice to have an interpreter :-)

   every one agrees that threat trees are useful for people reading
   recommendations

   <scribe> ACTION: Rachna to create template out of Threat Trees (with
   sample threats) [recorded in
   [22]http://www.w3.org/2007/06/06-wsc-minutes.html#action02]

   <trackbot> Created ACTION-258 - Create template out of Threat Trees
   (with sample threats) [on Rachna Dhamija - due 2007-06-13].

   <tjh> sorry - have to leave for another meeting. Cheers

   chuck: trying to clarify traditional defintion of threat. what;s really
   imp and inscope of this group is what's the vulnerability to user, what
   protocol to use, etc. probably we shoudl work in terms of mapping
   threats to vulnerabilities. more interested in seeing vulnerability
   aspect of threats.

   <PHB2> attacks are useful as a means of working out vulnerabilities

   <PHB2> A vulnerability is a higher level of abstraction

   bill-d: wanted chuck to explain more on what he meant by vulnerability?

   <stephenF> A vulnerability exists without an attacker

   chuck: webpage can have a form entry for XSS, pad lock in browser not
   working, weaknesses in the user-agent that help in exploiting attacks

   bill-d: how to present information available so the user can make
   better decisions based on the information we have.

   <PHB2> StephenF, I would call a situation in which an attacker employed
   an attack as an incident.

   tlr: is there something concrete in terms of possible changing threats
   ?

   <stephenF> A vulnerability can also be important if its triggered as a
   side-effect of something else

   chuck: tie the recommendation to vulnerabilities in the system.
   vulnerability can be significant only if there is a threat to exploit
   it. so if we can come up with the threat tree for which we will develop
   recommentations.
   ... vision I have is to come up with recommendations for vulnerability
   and vulnerability is not interesting unless it has a credible threat
   against it

   rachna: no body is taking actions to take the threat tree and tie them
   up with vulnerabilities

   <Chuck> Again, this is not an AI, but a process that we follow in
   getting to credible recommenations.

   <tlr> the template update is done, indeed

   <Chuck> Glad to play a support role.

   tlr: wants to close old and undone actions

   mez: will take care of them - aked thomas to send email with them

Next Meeting - Wednesday, June 13th

   <tlr> ACTION-173 to be closed; moot

   mez: close some recommedations and prepare for some demos

   <Zakim> Thomas, you wanted to check in briefly on state of some edits

   tlr: new template in the wiki, people might want to revisit to make
   edits

   tlr: to close action 258 and open a new one with more information

   <tlr> ACTION: rachna to work with Stephen, Chuck to revisit threat
   trees; work out process to join them to substantial work [recorded in
   [23]http://www.w3.org/2007/06/06-wsc-minutes.html#action03]

   <trackbot> Created ACTION-259 - Work with Stephen, Chuck to revisit
   threat trees; work out process to join them to substantial work [on
   Rachna Dhamija - due 2007-06-13].

   <tlr> rachna, hope that's the right action item

   <tlr> if not, please fix it

Summary of Action Items

   [NEW] ACTION: Rachna to create template out of Threat Trees (with
   sample threats) [recorded in
   [24]http://www.w3.org/2007/06/06-wsc-minutes.html#action02]
   [NEW] ACTION: rachna to expand on the proposal and incorporate today's
   discussions [recorded in
   [25]http://www.w3.org/2007/06/06-wsc-minutes.html#action01]
   [NEW] ACTION: rachna to work with Stephen, Chuck to revisit threat
   trees; work out process to join them to substantial work [recorded in
   [26]http://www.w3.org/2007/06/06-wsc-minutes.html#action03]

   [End of minutes]
     __________________________________________________________________


    Minutes formatted by David Booth's [27]scribe.perl version 1.128
    ([28]CVS log)
    $Date: 2007/06/17 21:57:22 $
     __________________________________________________________________

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html
   3. http://www.w3.org/2007/06/06-wsc-irc
   4. http://www.w3.org/2007/06/06-wsc-minutes.html#agenda
   5. http://www.w3.org/2007/06/06-wsc-minutes.html#item01
   6. http://www.w3.org/2007/06/06-wsc-minutes.html#item02
   7. http://www.w3.org/2007/06/06-wsc-minutes.html#item03
   8. http://www.w3.org/2007/06/06-wsc-minutes.html#item04
   9. http://www.w3.org/2007/06/06-wsc-minutes.html#item05
  10. http://www.w3.org/2007/06/06-wsc-minutes.html#item06
  11. http://www.w3.org/2007/06/06-wsc-minutes.html#ActionSummary
  12. http://www.w3.org/2007/05/23-wsc-minutes
  13. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0027.html
  14. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
  15. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
  16. http://www.w3.org/2006/WSC/wiki/TrustedBrowserComponent
  17. http://lists.w3.org/Archives/Public/public-wsc-wg/2007Jun/0017.html
  18. http://www.w3.org/2007/06/06-wsc-minutes.html#action01
  19. http://www.w3.org/2006/WSC/wiki/ThreatTrees
  20. http://www.w3.org/2006/WSC/wiki/RecommendationDisplayProposals/RecoTempl
  21. http://cve.mitre.org/
  22. http://www.w3.org/2007/06/06-wsc-minutes.html#action02
  23. http://www.w3.org/2007/06/06-wsc-minutes.html#action03
  24. http://www.w3.org/2007/06/06-wsc-minutes.html#action02
  25. http://www.w3.org/2007/06/06-wsc-minutes.html#action01
  26. http://www.w3.org/2007/06/06-wsc-minutes.html#action03
  27. http://dev.w3.org/cvsweb/%7Echeckout%7E/2002/scribe/scribedoc.htm
  28. http://dev.w3.org/cvsweb/2002/scribe/

Received on Sunday, 17 June 2007 22:11:54 UTC